Cloud Security: You’re Doing It Wrong

You’re doing it wrong, also known as YDIW, is a meme for when people make egregious mistakes IRL (In Real Life). The phrase is so popular, PBS even created a show around how to get back on track for when YDIW. There are probably hundreds of things that we all do wrong on a daily basis, and small to midsize businesses are no exception – for example, most of them drop the ball with cloud security. Here’s why…

Why You’re Doing Cloud Security Wrong

1. You assume you know what’s going on.
You’ve sanctioned Dropbox and Office 365/OneDrive. There are defined processes and rules of engagement with cloud apps. Employees follow these rules perfectly. Really? If you think everyone follows unenforced rules perfectly, here are a few facts:

Employees average using over 700+ cloud apps. Organizations as a whole average well over 1k cloud apps.

1 in every 5 files uploaded to the cloud contains sensitive information.

Most businesses condone some use of cloud apps due to their ease and efficiency. Most businesses think that written rules and processes are adequate measures for hedging the risks that cloud apps create, but they don’t even come close.

Businesses have security, visibility and control over everything outside of cloud apps. Why should cloud apps be the exception to normal IT security measures?

2. You task employees with security.

Your employees are awesome. Their execution is impeccable and they always meet deadlines. Following security rules benefits everyone and strengthens the organization to create a solid digital defense. Everyone is on the same team; a cohesive unit. There is a good chance that everyone believes they aren’t the weakest link, but someone always is.

People are terrible at self-policing. Take driving for example. There are moments where everyone isn’t as good of a driver as they expect. We all get lost, listen to our GPSs when we shouldn’t and make split second decisions on the road at some point. Yet somehow, it’s always the other driver’s fault.

Tasking each employee with IT security responsibilities is like saying the roads don’t need any rules – everyone will self-regulate.

3. You trust cloud app security.

Sticking with the car analogy here, we’d like to think that every road and every car is in impeccable condition. Even though we’ve improved driving safety dramatically over the last 100 years, safety still isn’t a promise.

We use cloud apps as though safe driving conditions were guaranteed. Mainstream business use of cloud apps has been around for less than a decade and in many ways, the internet is still like the Wild West. We use it at our own risk.

Cloud vendors are huge hacking targets. As cloud providers store more sensitive information, they become a bigger target for hacking.

4. You say one thing and do another.

This is the crux of all cloud security issues. The people who use technology the most are also the most likely to break the rules. When you drive all the time, you know what you are doing and you feel like you own the road. Similarly, when you have control over security measures and use technology all the time, you feel like exceptions to the rules should be made in your case.

Cloud use is growing, security risks due to cloud app use are also growing and businesses get to decide if those risks should be a concern. When it comes to cloud security, Y(probably)DIW, but you can do it right by setting up cloud app monitoring. Visibility into cloud use means IT pros can: